01/29/2007 14:49 6517351102 

Application Number 10/628,885 
Amer^dment dated January 29, 2007 
Responsive to OflBce Action mailed November 27, 2006 

AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the application. 
Listing of Claims: 

Claim 1 (Currently Amended): A method comprising: 

storing authorization data that defines an access control attribute and an associated 
regular expression specifying a textual pattern, wherein the access control attribute is a coarse- 
grain access control attribute defining access control ridits for a resource provided by a device: 

receiving a command from a client, wherein the command requests access to 
configuration data for the resource of the device: 

evaluating the [[a]] command using the regular expression to determine whether the 
conunand matches the textual pattern; and 

controlling access to the configuration data of ad e vio e bv the client based on the coarse- 
grain access control attribute and the evaluatio n of the regular_expression . 

Claim 2 (Currently Amended): The method of claim 1, wherein controlling access 
comprises allowing access to the configuration data whe n the access control attribute denies, 
access to the resource and t he textual pattern of the regular expression matches the command. 

Claim 3 (Currently Amended): The method of claim 1 , wherein controlling access 
comprises denyijig access to the configuration data when the access control attr ibute grants 
access to flie resource and t he textual pattern of the regular expression matches the command. 

Claim 4 (Original): The method of claim 1, wherein storing authorization data comprises 
storing the authorization data as an authorization class that conforms to a class syntax. 

Claim 5 (Cancelled). 
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Claim 6 (Currently Amended): The method of claim 1[[5]], wherein the coarse-grain 
access control attribute comprises a set of pcrraissipn bits, and each of the permission bits is 
associated with a respective group of the resources. 

Claim 7 (Currently Amended): The method of claim 1 , fiuther comprising receiving the 
command from tihe.[[a]] client via a coirmaud line interface. 

Claim 8 (Original): The method of claim 7, wherein evaluating the command comprises 
evaluating the command in real-time while the client inputs the command Nia the command line 
interface. 

Claim 9 (Original): The method of claim 1, wherein the configuration data is arranged in the 
form of a multi-level configuration hierarchy having a plurality of objects, and each of the 
objects represents a portion of the configuration data that relates to one or more resources of the 
device. 

Claim 1 0 (Original): The method of claim 9, wherein the objects have respective textual labels 
and the regular expression defines the textual pattern to match the textual labels of a set of one or 
more of the objects within the configuration hierarchy. 

Claim 1 1 (Original): The method of claim 10, wherein evaluating the command comprises 
applying the regular expression to the command to determine whether the conunand specifies any 
of the objects within the set. 

Claim 1 2 (Original): The method of claim 9, further comprising pre-processing the regular 
expiession to automatically insert one or more meta-characters into the regular expression based 
on the hierarchical arrangement of the configuration data. 
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Claim 13 (Currently Amended): The method of claim 9, fimher comprisingT 

rocoiving tho oommand from a cliont \4a a command lino interfho e ; and 

^pre-processing the regular expression so that the command is evaluated with the regular 

expression in real-time as the client enters the command. 

Claim 14 (Original): The method of claim 13, wherein evaluating the command comprises 
evaluating the command v^th the pre-processed regular expression each time the client enters a 
token indicating a textual break within the command. 

Claim 1 5 (Original): The method of claim 1 , wherein controlling access comprises controlling 
access to configuration data of a router 

Claim 1 6 (Withdrawn): A method comprising: 

storing configuration data for a device, wherein the configuration data is arranged in the 
form of a multi -level configuration hierarchy having a plurality of objects, each of the objects 
having a textual label and representing a portion of the configuration data; 

storing authorization data defining an access control attribute and an associated regular 
expression defining a textual pattern that identifies a set of one or more of the objects within the 
configuration hierarchy; 

applying the regular expression to a command to determine whether the command 
requests access to any of the objects within the set; and 

controlling access to configuration data of the device based on the determination. 

Claim 17 (Withdrawn): The method of claim 16, wherein controlling access comprises 
allowing a client to access to the configuration data represented by the objects requested by the 
oomimand. 

Claim 1 8 (Withdrawn): The method of claim 1 6, wherein controlling access comprises 
denying a client access to the configuration data represented by the objects requested by the 
command. 
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Claim 19 (Original): A method comprising: 

receiving input dejfining an access control attribute and an associated regular expression 
that specifies a textual pattern; 

pre-processing the regular expression to automatically insert one or more meta-characters 
into the regular expression; 

evaluating a command in real-time using the regular expression as a client enters the 
. command via a command line interface; and 

controlling access to configuration data of a device based on the evaluation. 

Claim 20 (Original): The method of claim 19, further comprising storing the configuration data 
in the form of a multi-level configuration hierarchy having a plurality of objects, viikerein pre- 
processing the regular expression comprises automatically inserting one or more meta-characters 
into the regular expression based on the hierarchical arrang^ent of the configuration data. 

Claim 2 1 (Original): The method of claim 1 9, the regular expression defines a textual pattern 
that identifies one or more of the objects within the configuration hierarchy, and evaluating the 
command comprises: 

applying the regular expression in real-time to determine v^hether a portion of the 
command that has been entered by the client matches the textual pattern; and 

selectively allowing the client to complete the command based on the determination. 



-5- 



PAGE 7/19 * RCVD AT lj2S/2007 2:52:26 PM [Eastern Stan^^^ 



01/29/2087 14: 49 6517351102 



SHUMAKER & SIEFFERT 



PAGE 08/19 



Application Number 10/628,885 

Amendment dated January 29, 2007 

Responsive to Office Action mailed l^ovember 27, 20O6 

Claim 22 (Currently Amended): A computer-readable medium comprising instructions for 
causing a programmable processor to: 

store authorization data that defines an access control attribute and an associated regular 
expression defining a textual pattern, wherein the access control attribute is a coarse- grain access 
control attribute defining access control rights for resources provided by a device : 

receive the conunand from a client, wherein the conmiand requests access to 
confi guration data of the device: 

e\'aluatc the.[Ia]] command using the regular expression to determine whether the 
conmiand matches the textual pattern; and 

control access to the configuration data of a d e vic e bv the client b ased on the coatse-grajn 
access control attribute and the evaluatio n of the regular expression . 

Claim 23 (Original): The computer-readable medium of claim 22, further comprising 
instructions to cause the programmable processor to allow access to the configuration data when 
the textual pattern of the regular expression matches the command. 

Claim 24 (Original): The computer-readable medium of claim 22, fiirther comprising 
instructions to cause the programmable processor to deny access to the configuration data when 
the textual pattern of the regular expression matches the command. 

Claim 25 (Cancelled)- 

Claim 26 (Currently Amended): The computer-readable medium of claim 22.[[25]1, wherein 
the coarse-grain access control attribute comprises a set of permission bits, and each of the 
permission bits is associated with a respective group of the resources. 

Claim 27 (Currently Amended): The computer-readable medium of claim 22, further 
comprising instructions to cause the programmable processor to receive tlie command from Ae. 
[[a]] client via a command line interface. 
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Claim 28 (Original): TTie computer-readable medium of claim 27, further comprising 
instructions to cause the programmable processor to evaluate the command in real-time while the 
client inputs the command via the command line interface. 

Claim 29 (Original): The computer-readable medium of claim 22, wherein the configuration 
data is arranged in the form of a multi-level conjfiguration hierarchy having a plurality of objects, 
and each of the objects represents a portion of the configuration data that relates to one or more 
resources of the device. 

Claim 30 (Original); The computer-readable medium of claim 29, wherein the objects have 
respective textual labels and the regular expression defines the textual pattern to match the 
textual labels of a set of one or more of the objects within the configuration hierarchy. 

Claim 3 1 (Original): The computer-readable medium of claim 30, wherein further comprising 
instructions to cause the programmable processor to apply the regular expression to the command 
to determine whether the conunand specifies any of the objects within the set. 

Claim 32 (Original): The computer-readable ^nedium of claim 29, further comprising 
instructions to cause the programmable processor to pre-process the regular expression to 
automatically insert one or more meta-characters into the r^lar expression based on the 
hierarchical arrangement of the configuration data. 

Claim 33 (Original): The computer-readable medium of claim 29, ftather comprising 
instructions to cause the prograrrmiable processor to receive the command fi*om a client via a 
command line interface, and pre-process the regular expression so that the command is evaluated 
with the regular expression in real-time as the client enters the command. 
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Claim 34 (OrigiDal): The computer-readable medium of claim 33, ftuther comprising 
instructions to cause the programmable processor to evaluate the command with the pre- 
processed regular expression each time the client enters a token indicating a textual break within 
the command. 

Claim 35 (Original): The computer-readable medium of claim 22, further comprising 
instructions to cause the programmable processor to control access to configuration data of a 
router- 
Claim 36 (Withdrawn): A device comprising: 

a computer-readable medium storing configuration data and autihorization data, wherein 
the authorization data defines an access control attribute and an associated regular expression 
specifying a textual pattern; and 

a management interface that receives a text-based conrunand to access the configuration 
data, wherein the management interface evaluates the command using the regular expression and 
controls access to the configuration data based on the evaluation. 

Claim 37 (Withdrawn): The device of claim 36, wherem the management interface allows 
access to the configuration data when the textual pattern of the regular expression matches the, 
command. 

Claim 38 (Withdrawn): The device of claim 36» wherein the management interface denies 
access to the configuration data when the textual pattern of the regular expression matches the 
command. 

Claim 39 (Withdrawn - Previously Presented): The device of claim 36, wherein the 
authorization data includes a coarse-grain access control attribute defining access control rights 
for respective groups of resources provided by the device, and the management interface controls 
access to the configuration data based on the coarse-grain access control attribute and the 
evaluation of the regular expression. 
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Claim 40 (Withdrawn - Previously Presented): The device of claim 39, wherein the coarse- 
grain access control attribute con)pri$e$ a set of permission bits, and each of the pennission bits 
is associated with a respective group of the resources. 

Claim 41 (Withdrawn): The device of claim 36, wherein the configuration data is arranged 
in the form of a multi-level configuration hierarchy having a plurality of objects, and each of the 
objects represents a portion of the configuration data that relates to one or more resources of the 
device. 

Claim 42 (Withdrawn): The device of claim 4 1 , wherein the objects have respective textual 
labels and the regular expression defines the textual pattem to match the textual labels of a set of 
one or more of the objects within the configiu^ation hierarchy. 

Claim 43 (Withdrawn): The device of claim 42, wherein the management interface applies 
the regular expression to the command to detennine whether the command specifies, any of the 
objects within the set. 

Claim 44 (Withdrawn): The device of claim 42, wherein the management interface pre- 
process the regular expression to automatically insert one or more meta-characters into the 
regular expression based on the hierarchical arrangement of the configuration data. 

Claim 45 (Withdrawn): The device of claim 36, wherein the management interface 
comprises a command line interface to receive the command from a client, and the management 
interface evaluates the command with regular expression in real-time as the client enters the 
command. 

Claim 46 (Withdrawn): The device of claim 45, wherein the management interface 
evaluates the command with the regular expression each time the client enters a token indicating 
a textual break within the command. 
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Claim 47 (Withdrawn): The device of claim 36, wherein the device comprises a router. 

Claim 48 (Withdrawn): A device comprising: 
a computer-readable medium comprising: 

configuration data arranged in the form of a rauW-Ievel configuration hieracrchy 
having a plurality of objects, each of the objects having a textual label and representing a 
portion of the configuration data, and 

authorization data that defines an access control attribute and an associated regular 
expression specifying a textual pattern, wherein the textual pattern identifies a set of one 
or more of the objects within the configuration hierarchy; and 

a management interface that applies the regular expression to a command to 
determine whether the command requests access to any of the objects within the set, and 
controls access to the configuration data based on the detennination. 

Claim 49 (Withdrawn): The device of claim 48, wherein based on the determination the 
management interface allows a client to access to the configuration data represented by the 
objects requested by the command. 

Claim 50 (Withdrawn): The device of claim 48, wherein based on the determination the 
management interface denies a client access to the configuration data represented by the objects 
requested by tb.e command. 

Claim 5 1 (Withdrawn): A device comprising: 

a computer-readable medium that stores configuration data, and 

a management interface that receives input defining an access control attribute and an 

associated regular expression that specifies a textual pattern, wherein 

the management interface pre-processes the regular expression to automatically insert one 

or more meta-characters into the regular expression, and stores the access control attribute and 

the pre-processed regular expression as authorization data to control access to the configuration 

data. 
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Claim 52 (Withdrawn): The device of claim 51, wherein the management interface further 
comprises a command line interface to receive a command from a client, wherein the 
management interface evaluates the command in real-time using the pre-processed regular 
expression as the client enters the command. 

Clarni 53 (Withdrawn - Previously Presented): A device comprising: 

a computer-^readable medium storing configxiration data and authorization data, wherein 
the authorization data defines: 

a fine-grain access control attribute and an associated regular expression 
specifying a textual pattern, and 

a coarse-grain access control attribute that defines access control rights for 
respective groups of resources provided by the device; and 

a management interface that evaluates a command received from a client using the 
regular expression of the fine-grain access control attribute, and controls access to the 
configuration data based on the course^grain access control attribute and the evaluation of the 
command. 

Claim 54 (Withdrawn): The device of claim 53, wherein the management interface allov/s 
access to the configuration data when the course-grain access control attribute does not allow 
access to a requested portion of the configuration data and the regular expression of the fine- 
grain access control attribute identifies a match between the command and the textual pattern. 

Claim 55 (Withdrawn): The device of claim 53, wherein the management interface denies 
access to the configuration data when the course-grain access control attribute allows access to a 
requested portion of the configuration data and the regular expression of the fine-grain access 
control attribute identifies a match between the command and the textual pattern. 
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